Posted
by
Zonk
on Tuesday March 07, 2006 @12:31PM
from the ambitious-google-never dept.

sonsonete writes "Reuters reports that Google is preparing to offer online storage, according to company documents that were mistakenly released on the Web. From the piece: 'The existence of the previously rumored GDrive online storage service surfaced after a blogger discovered apparent notes in a slide presentation by Google executives published on Google's site after its analysts presentation day last Thursday.'"

In principle, not a bad thing, considering Jane & Joe CtrlAltDel don't usually make backups and probably hardly
come close to the actual capacity of their hard drives. Not likely to be a realistic consideration for Slashdotters who
count their media, development tools, etc in the terabytes, though.

But there's the worry that if Google did this, how long before the Bureau of National Security Over Privacy and All
Else presses Google to make content of this online storage available to the FBI? RIAA? MPAA? Cheney Department of Vindictive Leaks?

Google recently squared up against the U.S. Justice Department which has subpoenaed a limited set of data on Google search habits, drawing an outcry from privacy advocates.

It's thought provoking, certainly. Then there's the inevitable:

Google, Inc.
1600 Ampitheatre Parkway
Mountain View, CA 94043

Dear GDrive user, we are very concerned about recent activity with regard to your account. Please verify you User ID at the following link. www.google.com/accounts[links to: update.google-account.info/idpasswdstealer.html]

Remember never to give out your User ID or Password to people you don't know, those who spit while talking, people who do not wash their hands after using the lavatory, wombat ranchers, msn fanboys or anyone with the middle initial of J.

Maybe it'll be done automatically. I'd imagine (hope) that any uploading is done over a secure connection anyways; might as well just not decrypt it at their end to protect everyone's safety a bit. That way the next time they're subpoenaed, they can hand over a mess of encrypted crap that's utterly useless to anyone without a quantum computer (or the password).

Of course, to NSA/FBI/CIA your encrypted GDrive that holds tax documents and family photos will look like it holds al Qaeda training manuals. So when the CIA takes you to Egypt for some fun interrogation and put a knife to your neck, you'll happily give them your passphrase so they can see what's on your GDrive.

Remember, the idea of a honest executive branch that will got to a court to get a permission to spy on you, or that you will get a speedy trial, or even a lawyer is history. Through fear we have allowed the government to become what it is now, blame the neo-conservatives for that if you want. Watch the "Power Of Nightmares" movie [archive.org], I just saw it two days ago, quite enlightening, not totally objective but nevertheless it was worth my time (3 hours).

I never said they couldn't get the password, I just said they'd need it. I'm sure it would be a lot less trouble for them to just take your machine in full due to whatever law that was they put in place, rather than drag you off to Egypt to force out the password. Because if they did that, they'd probably have to kill you - if you're geeky enough to encrypt your files (not especially, but still enough), I'm sure you'd post the incident on every forum you're a member of (or livejournal or whatever, or maybe upload the shot you got off your cameraphone to Flickr). IIRC, they can steal your computer and not even tell you for two months what happened or why (or perhaps longer, but it's not as if you're not going to notice that you're computer's gone missing); you might go on the assumption you've been burgled until it shows up in a battered USPS box on your front steps.

Honestly, if they just hint that my wife/parents/children just might end up in an "accident", it would be enogh for me to shut up. If they could capture a German citizen (El Masri), put a diaper on him, drug him and fly him God knows where for harsh interrogations, then release him in the middle of Albania five month later, then I wouldn't hold it above them to harm my family to get me to shut up... I am surprized that guy even had enough guts to talk about it. I am sure you've heard about him, here is a link [aclu.org] on the ACLU website about his case.

That's not much of a commentary on Google, is it? I mean, if they're willing to take you to Egypt (or wherever) to perform some "rubber hose cryptanalysis," then there's nothing really stopping them from coming in and taking your computer, too. So having your data in encrypted form up on Google's servers really isn't increasing your exposure or risk any.

In fact, if Google encrypted everyone's files when they uploaded them on their GDrive, then it would probably limit your exposure, since then the encryption couldn't be an immediate red-flag. It's easy to single out people who are using encryption and get their passwords through some other means (keysniffing, etc.) when its only a few per thousand or million users, when it becomes universally used then it's much more difficult.

However as other people have pointed out I'm not sure that Google will offer any encryption, not because of government coercion but because it makes the data much harder to index (for advertising and searching purposes) and compress (you don't think that your 325 MB GMail box really takes up 325 MB on disk, do you?).

However as other people have pointed out I'm not sure that Google will offer any encryption, not because of government coercion but because it makes the data much harder to index (for advertising and searching purposes) and compress (you don't think that your 325 MB GMail box really takes up 325 MB on disk, do you?).

The solution is right there. Google should want to handle the encryption themselves rather then have the user upload encrypted data because it will allow them to first index your data, then comp

In a sense you are saying this:
1) Upload to Google
2) Google indexes it
3) Google compresses it
4) Google encrypts it => Google has the key.

After this is done ask yourself, how is your data now more secure against the government looking at it and against other party looking at it, than if you skipped #4 and didn't encrypt. What happens next is this:

1) FBI/NSA/Whatever1984Agency asks Google for you info
2) Google decrypts it
3) Google hands it over it Uncle Sam
4) You have pictures there of you family at Disney World
5) By accident a large trashcan appears in one of the shots
6) Uncle Sam assumes you are scouting for places to hide a dirty bomb
7) You get arrested and detained for 5 months in some unknown prison

So how about the updated procedure to avoid the unpleasand Uncle Sam encounter:
1) Encrypt using a long passphrase that only you will know
2) Upload
3) End

This would work only if everyone would be doing it. Otherwise, as someone has mentioned above, if you are the only one of 10000 people who encrypts his stuff, you will look suspicious and they'll find a why to get the key from you to look what you got in there.

This theoretical GDrive could encrypt your files automagically, this way only YOU from YOUR COMPUTER should be able to view them. Google can skip all these legal problems claiming that they just provide the storage, but doesnt have acess to the contents of the files.

Of couse GDrive will send some meta-information about the files to feed Googles TextAds, probably the same info that GoogleDesktop send, and keep some kind of hash to identify identical files, in order to save server storage.

Good idea, but in order for you to be able to access your file easily from anywhere, wouldn't google have to be in possession of your accounts private key (i.e. stored on their servers)? in which case they would technically have access to any users unencrypted data stored on their servers. I suppose they could get around this by making you download your private key, in which case the portability would be up to you and the easy of use wouldn't be as great.

This metadata can be mined localy, at your computer, before your files are encypted and sent to their servers. This way they will be also sparing their server time, using your machine to process the metadata needed to feed TextAds.

I think he means they would apply a 'text' scanner to a 'binary' encrypted document and there are odds that those letters could be found in many binary document. Thereby you might still be 'flagged' coincidentally.

Ok, that looks like a swipe at Windows and probably not too justified unless you're insinuating this is a hedge against malicious worms.

I'd be more concerned about hard-drive quality. One of my 80GB drives (yeah, I know it's an antique at that size) is making funny noises so it's probably time to move the contents off to another drive (one of the nearly as antique 160GB drives.)

Windows [msversus.org] runs the hard drive far more intensely than Unix/Linux on a standard desktop. Unix usually uses free memory for disk caching much more than Windows. So in another swipe at Windows I suggest you ditch it.

It's not so much that Google can't keep documents from prying eyes, it is that they are in the bussiness of selling ads, and one way they get people to look at the ads is to actively prying open documents to index and match to advertisers. For istance, Google mail works by matching ads to the content of the mail. Your privacy is not specifically violated, but googles still gets to index your information and match it ads. Also there is no guarantee that personal information or corporate secrets won't someday be revealed.

Likewise, the storage scheme will be the same thing. Google now gets to look at your entire life, and figure out how which of thier clients can help you with your lifestyle. Again, your privacy may no be specifically violated, at least in the near term, but it is still too much of a price for me to pay, when i can get the same thing without the risks for $10 a month.

My guess is that Google sees document storage as a beachhead for online word processing, etc. Convincing a business to adopt that kind of stuff will be very hard, because they have to change how their processes work. But if you're an indivudal logged into GMail, and you have a Word doc (or even better, a PDF) or some photos you want to edit and send back to someone, and a link saying "Edit this document" comes up, you might well want to do that. And because they're on Google's servers, it doesn't cannibalize their ad-based business model, and better still, it does cannibalize Microsoft's business model. Basically, by starting with documents, they can move piecemeal into application hosting without losing many options. Then if businesses are interested, they sell ad-free versions, hosted or non-hosted.

Funny, but also a good point. However, I do have a fair number of relatively low security risk files that it would be handy to access anywhere without carrying them on a flash drive. Flash drives are useable almost everywhere, but not quite, and they can get lost, which makes them as much or more of a security risk as files on a fileserver. I actually save a bunch of miscellaneous bits of information as drafts on my gmail account for convenience, but it would be nice to do so as something other than plain text. I'm pretty sure I'm not alone.

One would also expect that a google online drive would be roughly as secure as their mail account (same username and password, potentially different avenues for hacking, however). Email security is pretty important, so if a person is willing to trust their personal communications to Google, why not a few files? Besides, it's probably a lot more secure than the average user's personal computer.

Personally I'd probably use something like this to backup all my media files (Songs, Movies, Audiobooks, etc.,) In which case who cares if it ends up all over the Internet, Sharing is good, sharing MP3's, well that's even better.:)

That raises an interesting possibility. If you upload a file to Google that they already have in someone else's gDrive, there's no need for them to keep two copies of it.Reminds me of way back when on AOL when AOL would store internal email attachments on their servers. "Pirating" something just meant forwarding an email with the attachment that never hit your local computer, drastically reducing the time required since everyone was on slow modems back then.

Good points, I suspect it a bit different under the hood for single instance attachments in an email system versus single instance mass storage, since from an email standpoint you can always trace back an attachment to the original message (i.e. theres a paret-child relationship), and single instance normally doesn't work if say 2 senders send the same file in 2 original (i.e not forwards or replys) messages (in this case the attachment would be stored twice).

The most interesting part of this story is this line:
"With infinite storage, we can house all user files, including emails, web history, pictures, bookmarks, etc and make it accessible from anywhere (any device, any platform, etc)," the notes in the original Google presentation state.
Chief Executive Eric Schmidt in his presentation made a cryptic comment that one goal of Google was to "store 100 percent" of consumer information."
Now, this service might just be vapor. But if it is real. Why would I want to give all my very personal information to a potential advertiser?
It makes me cringe all of the suckers out there that will store their private word, excel or other docs and have no idea how insecure it is.

But for the rest of us, the idea of a cheap online backup (or even free, which would Rock Hard) of our ENTIRE hard drive would be very, very nice. It would be cool if Google provided automatic encryption, but I wouldn't care if they didn't.

You know, if you ever get divorced you can at least wipe your porn off of your computers in case that comes up as an issue. It isn't clear that you will be able to do so with such a service from Google. Also, every bit of communication you made with your extra-marital lover over gtalk will be available as well (I know, I know, you can opt out of this bit).

just because you delete it doesn't mean *they* will delete it - think documents you might regret seeing in court.

If I had anything that sensitive, I would encrypt it anyway.

why do you think Google is going to give you free storage? They aren't benevolent, they are using your data to make a quick buck. Do you really want them to aggregate your life based off your data so they can advertise to you?

I didn't say it would definitely be free, but if it would, sure, let them advertise for me. It would be to

As opposed to trusting all of the intermediaries between you and google? Personally, I trust google to protect my privacy far more than say... Comcast, who has direct unencrypted access to every non-ssl web browsing session, gmail use, or email sent.

Why would I want to give all my very personal information to a potential advertiser? It makes me cringe all of the suckers out there that will store their private word, excel or other docs and have no idea how insecure it is.

Because most people see that getting something "free" in return for giving up their personal information is worth it. Hell, there have been countless "studies" that asked people for their personal identifiable information including mother's maiden name and birthdate with nothing more t

Dude, get on the fan-boi band wagon. It doesn't matter if anything came before. If google does, it will be "better."

Seriously, this might be useful but I would definently want to encrypt that data. It still doesn't obviate the need for local back-ups. My data back-ups are routinely over 4GB is size. No way am I tranporting that up my stinking little DSL connection. But I could see a use for those few must have docs.

Dude, get on the fan-boi band wagon. It doesn't matter if anything came before. If google does, it will be "better."

Without hopping on the "fan-boi band wagon", Google probably will do it better than others. Keep in mind that part of the appeal of GMail was the fact that it was so much faster, easier, and more pleasant to use than any other webmail service. If you remember XDrive and many of their competitors, it's not hard (at all) to imagine that Google could show them up with a better, faster, and easier

don't forget, however, that despite your assertions of how much better than other webmails gmail is, they still don't have a million users of the service. if they've gone over a million - that's a relatively recent occurrence. I'm too lazy to google up the numbers. gtalk is similar; they have not been widely adopted.

so market acceptance is an interesting term - because the market by and large has only accepted google search and not much else.

just go to gmail's main page and there's a link where you can sign up using your mobile. you enter your phone number and they send you a text with an invitation code. i haven'y used it, but i can imagine that its not that big a deal to get a gmail account now.

Like the guy said, it's not hard, but it's not easy either.That's two more steps than signing up for Yahoo Mail takes. And you're not likely to get someone like my father, who doesn't have an SMS-enabled phone and probably doesn't know what an SMS is, to sign up that way. (Actually his first question would be, I can hear it now: "Why the hell do they want my phone number?")

I don't think Google ever wanted to just take over the webmail market overnight, though. It seems to me that they're comfortable with mo

All those schemes, from XDrive to Eazel, fell down because they made no sense on dial-up. Most customers couldn't easily transfer anything but trivial files. (OK, Eazel had some other major problems...)

Once enough people have broadband connections, and if you could just back up deltas and not transfer your whole drive every time, it might make sense.

I have been reading this thread at higher mods because of the number of comments, so I may have missed someone else mentioning this:Anyone remember the first time Apple offered.mac accounts? It was free email, and free storage for a while. It was cool to have a joebloke@mac.com email address for a while. The free storage was fantastic. You just connect to your.mac account, and the drive mounts on your desktop. Simple and brilliant.Then Apple did what every self respecting, money making corporation will ev

"With infinite storage, we can house all user files, including emails, web history, pictures, bookmarks, etc and make it accessible from anywhere (any device, any platform, etc)," the notes in the original Google presentation state.

Chief Executive Eric Schmidt in his presentation made a cryptic comment that one goal of Google was to "store 100 percent" of consumer information.

What is so damned cryptic about that? This has been google's strategy from the beginning, the more info they have about you, the users - the better they can market to you, the users.

I would be worried, of course, about the obvious bad possibilities that can from from this unprecedented access this gives google to our info. But that discussion has been played out with every google took.

This has been google's strategy from the beginning, the more info they have about you, the users - the better they can market to you, the users.

If you take the pessimistic stance that marketing will always happen, regardless, then at least in this scenario you receive marketing that might actually interest you instead of, oh, I don't know, notification about a new brand of tampon (the sorts of adverts that I always see on TV for some reason).

For example, Google would know that by reading Slashdot, you must be male, and automatically exclude you from receiving such misdirected advertisements. Likewise, if Google were in control of all the advertising, the Slashdot crowd would never get another v14gr4 ad again! (since they have no use for it):-)

If you don't like the things in the ads, the show's not being targeted at you. IOW, your peers are NOT watching it. Therefore you should never admit to saidsame peers that you're watching such shows, lest you get made fun of.

oh, I don't know, notification about a new brand of tampon (the sorts of adverts that I always see on TV for some reason).
For example, Google would know that by reading Slashdot, you must be male, and automatically exclude you from receiving such misdirected advertisements.

And we'd get to see endless adds for online dating services featuring scantily-clad hotties that would never use a dating service. Saves on your pr0n bill!

I've said it before and I'll continue to say it, Google has BIG plans that everyone is not piecing together. Long story short, I expect to see Google linux sometime within two years (I'd wager this year). This distro will be intimately linked with the online side of Google for storage and software. This will mean that you can go from your PC at home to any webbrowser on the face of the planet and have all of your information as it would be on your own desktop. ALSO, there's a possiblity of seeing something like Sun has where you can have a desktop open with programs, web pages, and files and then go to another PC and have the same desktop open from either a webbrowser or a future version of Google desktop. What do you think all those mobile computing boxes and dark fiber are for? It's all to make Google local to everyone and very very fast. Wait and see.

dont forget the Google PC rumors with Walmart [slashdot.org], I'm willing to bet that this will happen or something close to it and what we will see is a computer that boots in less than 30sec (a very stripped down and fast linux distro, perhaps on CF or equivalent) and then jumps onto a highspeed net connection to get on the Google network for software and files. Expect to pay less than $200 for this if they do it, because that will be the way to bring down The Beast. [http]

Google's job won't be to create this, it already exists (http://www.openafs.org/ [openafs.org]). They will make it fast by meticulously mirroring 100,000,000TB of the worlds data to their innocuous looking cabinent/cellserver on your street corner, and your mom's streetcorner, and GW's streetcorner, etc... and pouring resources into integrating it better.

And here is the quicker: Google could do that by releasing their Linux Distribution on a Live CD. Users would not even have to install Linux, instead they would merely boot on this Live CD. The environment would be heavily linked to the on-line Google services, and users could edit/modify/save their document transparently over the Internet.

Prediction: Google will create it's own version of Firefox with one distinguishing feature: no address bar.

Google hates the address bar. They want everything to go through their search box (like the Google toolbar). Solution: get rid of the address bar. Have the search box do an automatic "I feel lucky" search if you type in a URL.

Watch the Google ad revenue grow when Google knows every URL that you type, in addition to your every search.

This will be interesting to see if this provides as much space as the Firefox [getfirefox.com] extension [mozilla.org], Gmail Space [mozilla.org] provides. The way it works, apparently, is to allow access to the file attachment method used by Gmail [google.com], providing an interface which appears to be like a file management interface. Very useful!

Hopefully Google will be good and provided enough space to make hacks like this obsolete. Not that they are bad, just inconvenient!

If you find a need to use this Google storage facility but can't quite take off your tinfoil hat, I suppose you could encrypt your files. It will take even Google a while to have a look inside your 128-bit AES file.

So you think that a random Google employee has access to your inbox do you?

No-one at google reads your, mine or anyone else's email.

They're scanned for keywords by a machine and spat out into your browser. The same goes for your search results, too.

There's a big difference between someone reading your emails like some kind of wartime censor and a script running on a machine that adds contextual information. Do you object to Google adding BR tags to your email where it sees a carriage return tag (or whatever) in an incoming email. Are they 'reading' your mail then?

One has to wonder what, if any, restrictions Google has in place to keep GDrive from becoming a file sharing network, assuming it will actually come out.

Even if shares are only 2 GB (about the size of their e-mail accounts), that's still enough for at least one good-quality movie, or 100+ high quality MP3s. All one would need to do is set up a drive and disseminate the login info.

And what about legit use? I rip all my CDs to MP3s (because changing CDs when you get tired of them is a nuisance). My business allows me to store MP3s on my computer for personal use, but I cannot bring a flash drive or other writeable media (including CD-Rs) into the workplace. (Yes, having internet access kind of dilutes this, but I digress.) It would be easier for me to upload as many songs as possible and download them at work instead of trying to convince someone that my flash drive just has MP3s on it.

Maybe they can outright ban certain file types- mp3s, avis, etc. Of course, there's nothing stopping someone from uploading it as spiderman3.doc. And what about the college student that wants to upload a class lecture for later listening or sharing?

If this becomes a reality, it would be interesting to see how they work it.

I work at a reasonably big email provider (about 5 million emails a day).Lately we have noticed a rise on average used space. The reason is that there is a new boy in town: Peer2Mail is one (amongst many) programs that allows users to share (huge) files from free email accounts.

These users gather in forums dedicated to sharing the info of email accounts + passwords + files on them. They sometimes have a caste system, where some are uploaders, others are "account creators", etc. I have seen posts of young b

Let's see if they add much in the way of web-based features (ie. more than just a download and "email this file" UI), or if it's just like other traditional services. For my opinion of why over time, people will want more than that (although most people will use a service from someone as large as Google anyway):

Even though Google seems to be a decent company, there's so much potential for abusing that data. If this becomes a service, the average non-tech person will probably just back up his/her entire hard drive to Google - including things like credit card numbers and other sensitive data. I'm sure rogue employee could skim out some data. On top of that, the current Attorney general seems hell-bent on data mining and has already hit places like Yahoo and AOL. I'm sure something like GDrive (or whatever it wil

I have seen a number of companies in the past offer such services and then they either changed so you had to pay for their services or disappeared. Part of the problem was that, while many offered good solutions, they were often plagued by people using them for pr0n or other illigitmate content. This had the effect of using more bandwidth and storage which they could afford.

Another thing is that many of them were purely web based, and did not neccessarily offer anything like WebDAV to make it easier to transfer the files.

This is not to say that Google will go the same way, but that something will have to happen to avoid the same issues.

This is a nice idea, and could be a good tool, assuming it is done with Google's usual user-friendly simple UIs.My only concern is what Google hope to achieve by storing my data. Letting their machines data-mine my email to show ads is fair enough, but what do they hope to get out of providing this service? Unless they intend to do something a bit dodgy (eg. sell it to governments), it's difficult to see many ways in which they could use my data to their benefit.

So who is going to be the first to create a plug-in that auto-encrypts what it sends and auto-decrypts what it receives - from Google?

That would be sweet to have client side encryption "built in" to whatever the client ends up being. But from the sound of this article, it's probably more like "hacked in" instead of "built in". After all, Google wants to READ what you store....

I'm not concerned about privacy issues, I'll just encrypt all my dad before sending it up there. In fact it would be great if google provided an open source tool that handled the encryption for us both directions. (As long as its open source).

Knowing google, I'm sure they'll give us tons of space and bandwidth, which could make it extremely useful.

Someone remind me though, are there levels of security that are illegal to use? I'm talking laws restricting me encrypting data to a level that the NSA c

No one seems to have mentioned the problem with adaption of this is the restrictions on upload bandwidth. Even the highest speed home broadband service offer terrible upload speeds. I've got the best Comcast is beta-testing today (16M down/1M up) and it's WAY too slow to be keeping the 600 gigs of stuff on my HDs online. I regularly churn up to 20 gigs in a day. Even the Verizon FoIS is only 2M up at best.

When it takes X long to download that nifty video and then takes 16x as long to mirror it up to your GDrive and all the while your latency is shot to hell and even your Download speed is affected... not worth it. As others have noted: think XDrive or Yahoo Briefcase or other similar functions. Myself, I'm quite happy with the 2Gb SanDisk USB device I keep on my keychain...

OMG!!!!!ONEONEA google service! They can't possibly want it for marketing and no government would ever try to get their hands on that tasty data store!

If it sounds good to you then use it How hard is that?

Don't for a moment pretend that a discussion of the security ramifications of using this sort of thing is somehow wrong though, and a lot of non tech savvy types might not even think about how vulnerable their data could be in the hands of a third party.

Your delemma in choosing between a so far mythical Google offering and
HavenCo might be resolved by looking at Haven's monthly prices. They
also charge a stiff price for the bandwidth to get your data to HavenCo.

File Backup Service: 20GB of backup server space on Havenco's high capacity backup server. Backup your important files or secure data in our secure facility. Access via SSH or SFTP only to provide encrypted data transfer. Send us a copy of your data and we will upload for you allowing you to sy